►
Description
Evolvability, Deployability, & Maintainability (EDM) Program Meeting, 2020-12-10
A
Today,
okay,
we
are
now
recording
so
welcome
to
our
edm
program
discussion
for
december.
So
last
we
talked
was
september.
I
guess
we're
going
to
keep
these
kind
of
roughly
at
the
same
frequency
as
iatf.
Unless
you
know
we
want
more
but
they're
offset,
because
we
live
in
a
virtual
world
where
nothing
aligns
and
nothing
needs
to
align
anymore.
A
Welcome
to
2020s
all
right
so
for
today,
I
wanted
to
focus
on
specifically
some
kind
of
broader
thoughts
that
we
have
around
extensibility
and
evolvability,
particularly
going
off
of
some
of
the
ideas
in
the
user.
Lose
it
draft
so
kind
of
anything
in
here
that
we
think
about,
I
think,
is
fair
game
to
discuss,
but
I
kind
of
want
to
focus
on
some
of
the
you
know.
Conceptual.
A
A
One
of
the
other
things
I
was
I
was
thinking
about
kind
of
as
we
look
at.
This
is
a
lot
of
the
examples
of
how
we
end
up
doing
version.
Negotiation
seem
to
be
about
putting
that
negotiation
in
some
other
layer
in
the
same
way
that
we
have
alpn
and
tls
determining
version
negotiation
of
http
practically
when
we're
doing
stuff
between
v4
and
v6.
A
We
use
the
ethernet
frame
types
as
opposed
to
actually
using
the
thing
embedded
in
itself
so
like
since
version
negotiation
is
like
a
pretty
fraught
thing
to
make
sure
we
have
active
use,
at
least
in
what
we've
done
so
far.
It
seems
putting
that
version.
Negotiation
in
some
other
protocols
extension
ends
up
being
something
that
has
worked
so
yeah.
Oh
here
we
go
so
I'm
curious.
What
do
people
think
about
that?
Are
there
any
conclusions
that
we
can
draw
or
how
do
we
pull
on
this
thread?.
B
So
I
think
one
of
the
interesting
things
here
is
that
you've
essentially
identified
another
example
of
why
the
core
thesis
holds
true,
and
that
is,
I
think,
I'm
reading
carsten's
comment
as
well
along
similar
lines
to
to
what
what
carson's
talking
about
and
in
that
when
you
have
a
single
protocol
and
the
the
only
way
for
that
protocol
to
be
upgraded
to
version.
Two
of
that
protocol
is
some
previously
untested
mechanism
within
the
protocol.
B
Then
you
end
up
with
this.
Well,
I
don't
know
if
it's
going
to
work
when
the
time
comes,
and
so
we
have
that
problem
with
a
with
a
bunch
of
protocols
and-
and
I
I
think,
you've
just
identified
a
really
good
example
of
how
to
apply
that.
So
maybe
we
can
just
expand
on
on
that
a
little
bit
and
talk
about
how
how
that
was
the
case.
C
Well,
I
mean
I,
I
don't
feel
like
the
cut
between,
because
you
cut
your
drawing
here,
I
don't
think
are
necessarily
the
cuts
between,
but
between
version
issues,
mechanism,
work
and
once
was
done.
It's
ones
which
are
which
are
prepared
to
have.
I
mean
protocols
have
in-band
negotiation
for
compatible
versioning
and
what
just
do
not
right,
so
I
mean
the
aopn.
C
Like
is
a
good
example
where
you
know
you
know
you,
you
didn't
want
to
have
to
spit
out
an
http.
You
know
1.1,
you
know,
requests
already
get
spun
up
on
on
on
h2,
and
so
I
think
that
the
two
scenarios
in
which
I
see
which
you
typically
don't
have
in
which
you
typically
want
out-of-band
negotiation,
are
ones
where
it's
not
interactive,
as
with
ip
or
where
you're
trying
to
rubies
around
trips,
as
with
as
with
as
with
rpm.
C
B
B
D
B
E
It
wasn't
just
that
it,
it
wasn't
just
that
they
were
expecting
the
four
to
be
there.
It
was
expecting
they
were
expecting
all
of
the
other
bits
of
that
header
to
be
in
the
places
that
they
expected
them
to
be
in
that
header,
including,
and
up
to
the
like
the
middle
boxes
that
we're
having
trouble
with
this.
We're
also
expecting
the
first
four
bytes
of
the
thing
after
the
ip
header
to
be
port
numbers,
no
matter
what.
C
E
Right
so,
but
the
the
it's
less
about,
okay,
so
the
behavior
of
saying
here
is
a
version
that
I
don't
understand
right
like
so.
This
is
another
problem
with
version
negotiation
mechanisms
in
general
is
that
you
either
like,
if
you
have
something
that's
trying
to
participate
in
the
conversation
that
is
trying
to
use
the
wire
image,
it
has
two
things
that
it
can
do
with
a
version
it
doesn't
understand
it
can
either
pass
it
forward,
say
I
don't
understand
this,
so
I'm
not
going
to
mess
with
it
cool
or
it
can
say.
E
I
don't
understand
this.
Therefore,
I
can't
perform
my
function
and,
of
course
the
world
is
better
within
my
function
than
it
is
without
it.
So
I'm
not
going
to
pass
the
traffic.
I
think
the
problem
with,
and
actually
we
should
probably
get
somebody
someone
in
here
who
actually
was
around
when
this,
but.
C
Like
if
you're,
if
you're,
if
you're
a
visible
endpoint
of
the
wire
right,
which
then
packs
your
traffic
is
up
the
up
the
stack
not
just
no,
not
just
that,
but
either
you
have
a
v6
address
or
you
do
not,
and
if
you
don't
have
vcs
rest,
you
know
v6
network,
and
so
it's
not
a
matter
of
interrupt
it's
a
matter
of
like
it
actually
had
to
participate
in
the
system
like
the
way
ip
routing
works.
Is
the
writers
have
ip
addresses.
E
And
so
right
so,
but
the
problem
that
we're
talking
about
here
is
the
fact
that
a
a
v4
packet
or
a
v6
packet
or
a
v,
whatever
an
ip
packet
encapsulated
in
ethertype
8600.
Is
it
and
it's
86ff?
It's
been
a
while
a
the
8600
mint
ip.
You
look
at
the
version
like
that.
That
was
what
it
was
supposed
to
be.
Look
at
the
version
to
figure
out
what
you're
going
to
do
with
the
header
and
what
everyone
did
was
look
at
the
ether
type
and
said
this
must
be
an
ipv4
header.
No.
C
E
A
F
F
You
know
in
the
web
case,
there's
almost
always
a
a
a
a
1.1
versus
a
http
1.1
versus
a
two
fullbacks.
So
so,
if
it
doesn't
work,
there's
something
you
can
immediately
try
so
v6.
It's
not
obviously
clear
what
the
fallback
is
in
a
lot
of
cases,
because
the
whole
point
of
it
is
is
to
get
devices
which
can't
have
a
v4
address
or
a
root
before
addresses.
So
how
do
you
fall
back,
which
makes
negotiation
different,
but.
C
F
D
B
B
D
So
I
guess
the
snmp
case
is
sort
of
interesting
to
me
in
that
the
difference
between
the
protocols
is
perhaps
not
like
hugely
security
relevant
like
if
you're
negotiating
between
tls
one,
not
two
and
one,
not
three
like
you
kind
of
care.
If
you
can
get
1.3,
you
want
to
super
reliably,
get
that
like
same
for,
if
you're
doing
quick
or
h3
versus
h2,
but
for
snmp
like
is
it
maybe
that
you
can
get
more
data
with
the
newer
version,
but
you
don't
fundamentally
care
if
you
get
stuck
on
the
older
version.
B
B
A
Right
and
arguably
then,
if,
if
really
it's
a
matter
of
configuration
and
expectation,
then
it's
really
just
like
the
other
out
of
band
mechanisms,
sure
it's
not
an
alpn
or
some
lower
level
protocol,
it's
just
completely
out
of
band,
but
that's
really
what
makes
it
work
in
a
way.
Maybe
that's
why
it
was
a
good
example
of
success.
B
E
F
A
Why
would
when
would
it
actually
make
sense
to
do
you
know
version
versus
just
adding
extensions,
and
this
is
similar
to
you-
know
some
of
the
discussions
we're
having
right
now
in
http
as
we're
doing
trying
to
do
abyss
of
h2,
and
you
know
people
bring
up.
Oh
should
we
just
do
a
new
alpn
and
that's
an
example
of
saying
you
know:
should
we
just
rev
versions
to
avoid
kind
of
cruft
or
ossification
or
bad
behavior?
We
didn't
like
in
certain
deployments,
even
if
it
could
be
otherwise
a
very
intelligible
protocol.
E
Is
that
an
extension
mechanism
where
you're
negotiating
an
extension
in
a
protocol?
It's
very
easy
to
add
it
and
relatively
difficult
to
take
it
away.
Like
you
get
this
problem
like
so,
for
example,
with
cypher
suites,
it
took
a
long
time
to
get
rid
of
bad
cypher
suites,
because
you
had
to
make
sure
that
all
of
the
implementations
that
might
be
or
that
neither
that
both
implementations
were
not
going
to
negotiate
it
right
and
it
was.
E
There
was
always
a
little
bit
of
fear
of
getting
rid
of
it
because
you're
going
to
trade
off
insecurity
for
connectivity,
whereas
with
a
heart
failure,
hard
version
change.
That
gives
you
an
opportunity
to
actually
deprecate
functionality
at
that
version.
Change
where
it's
never
in
the
new
version
right
like
so,
you
use
extensions
to
add
and
then
version
numbers
to
take
away.
C
E
B
Yeah
so
carlson
points
out
that
you
can.
You
can
negotiate
features
that
take
stuff
away,
and
I
I've
seen
some
cases
where
that's
been
successful.
Okay,
we
did
that
in
http
2
with
cypher
suites.
If
you'll
remember,
that's
a
really
long
appendix,
and
that
was
that
was
the
one
of
the
rocky
rockiest
parts
of
the
deployment
of
h2.
I've
got
to
say,
maybe
because
that
was
the
nature
of
the
the
way
that
we
did
it,
but
it
was.
It
was
pretty
rough.
D
A
B
E
A
Yeah,
so
just
as
a
thought
experiment
looking
at
some
of
the
discussions
we're
having
right
now
as
we
are
doing
this
of
h2,
you
know,
let's
say,
there's
a
feature
you
want
to
get
rid
of
like
we.
This
is
not
the
case,
but
let's
say
everyone
decided
that
we
hate
push
so
much
that
we
should
just
you
know,
make
it
not
possible
to
do
that.
A
We
don't
want
any
h2
push
and
you
know
we
would
have
the
option
of
saying
okay
rev
an
alpn
version
so
that
you're
guaranteed
you
never
have
this
or
you
say,
have
some
sort
of
negotiation.
Is
this
the
settings
or
some
other,
whatever
extension
mechanism?
You
have
to
say
I
don't
want
this.
I
don't
want
to
be
able
to
support
this
feature,
and
we
do
you
know,
as
I'm
pointing
out
here
like
there
is
the
option
of
saying
that
you
have
an
extension,
that
a
client
or
a
any
endpoint
in
this
can't
fail
hard.
A
E
E
E
Where
and
they're
like
I
there
it's
very
easy
to
have
very
long
arguments
from
first
principles
and
very
difficult
to
figure
out
what
the
actual
impact
of
of
sort
of
the
the
the
way
that
we
would
do.
This
in
a
continuation,
continuous
integration
environment
would
tend
to
work
in
certain
embedded
environments
and
then,
like
the
flip
side
of
that
was
then
maybe
you
should
use.
The
lack
of
connectivity
or
the
lack
of
or
the
complete
ossification
is
a
lever
to
get
better
engineering
practices
into
other
fields,
which
is.
E
A
You
know
we
could
have
a
you
know,
model
in
which
you
have
hard
version
changes,
and
these
things
are
probably
necessary
for
things
that
are
not
going
to
be
at
all
intelligible
across
versions.
But
the
other
way
of
thinking
a
version
of
a
version
is
just
like.
This
is
a
snapshot
of
a
protocol
that
has
support
for
these
particular
feature.
A
E
So
that
works
really
really
well
in
a
web-like
environment
right
like
so
in
in
you
know,
for
browsers
right,
the
browser
is
going
to
get
launched.
You
know
once
per
session
if
the
device
is
being
used
at
all,
I'm
wondering
if
so
the
way
that
you
would
recover
from
like.
Let's,
let's
you
know,
say
you
know
big
shiny
future,
we
actually
have
continuous
integration
all
the
way
up
and
down
the
stack
we
are.
E
We
are
rolling
out
new
versions
of
ip
bi-weekly,
because
we
saw
furified
everything
and
we
have
a
a
build
horizon
of
these.
That's
like
six
months
back
right
like
so
we're
doing.
What
is
that
25,
like
12
versions,
are
running
simultaneously
and
anything
older
than
version
minus
12
is,
is
you
know,
is
you
know
duncan
right,
yeah
the?
E
What
you
need
in
that
situation
is
a
bootloader
protocol
right
like
so.
Let's
say
that
I
you
know
went
on
a
really
long
vacation
or
you
know
it
wasn't
quarantine
or
whatever
reason
you'd
be
offline
for
six
months
and
you
you
boot
your
device
and
boom
you're.
None
of
your
you
can't
even
speak
ip
anymore
like
ethernet's,
probably
about
the
same
because
they
didn't
we're
not
shipping,
a
new
set
of
switches
to
your
house
every
two
weeks,
but
everything
else
is
has
changed.
C
I
mean
so
well
yeah
that
doesn't
work,
because
you
can't
you
have
to
say
that
securely
unless
you're
saying,
if
you
hang,
I
guess
so
I
mean
like
the
you
know,
though,
the
way
the
way
it
works
in
tls
and
the
way
the
way
this
theoretically
works
quick.
Is
that
the
the
version
that
the
mechanism,
which
is
user
version
negotiation,
gets
eventually
folded
and
transcripted
is
used
for
the
cryptographic
establishment?
C
B
B
C
Think
I
think
I
think
it's
mean
potentially
a
problem.
I
mean
there's,
there's
a
there's.
An
internet
draft
by
some
got
some
guy
martin
thompson
about
like
what
happens
when
you
have.
You
know
when
you,
when
you
have
two
different
protocols,
one
of
which
speaks
to
with
which
is
the
tls
handshake
with
different
different
properties,
and
I'm
sure
you
don't
get
forced
out
from
one
of
the
other.
C
A
Yeah
that
makes
sense,
and
I'm
glad
that
you
kind
of
agree,
because
when
I
was
reading
kind
of
the
beginning
of
the
document,
let's
say
going
through
section
2.
It
feels
like
there's
quite
a
bit
about
version
negotiation,
but
we
don't
kind
of
come
back
to
it
in
terms
of
our
analysis
or
the
principles,
and
it
feels
like
there
is
room
for
that
and
you
know
bumping
up
a
level
to
kind
of
more
meta
questions
on
the
document.
D
A
A
G
G
C
Well,
I
think
one
important
difference
in
versioning
and
extensions
is
the
extensions
are
orthogonal
in
many
cases,
so
I
mean
so
like
versioning
is
linear
right,
but
you
know
it's
perfectly
possible
to
have.
You
know
to
have
a
quit
to
have
a
quick
implementation
which
has
datagram
but
doesn't
do
I
don't
know
like
I
like,
like
doesn't
do
some
new
extension.
You
know
combined
acts,
I
think,
was
what
we
were
talking
about
with
extra
time
stamps,
or
vice
versa
right,
but
but
in
sure
ben
yeah.
C
So,
except
whether
or
not
but
versioning
is
never
a
right
and
it's
and
it's
also
that's
an
orthogonal.
It's
not
it's.
Not
it's!
Not!
It's
not
subsidible,
right
that
you
know
either
you
do.
You
know
usually
version
seven
or
you
don't,
but
you
can't
say
you
know
you
can't
offer
you
know
you
can't
offer.
I
do
versions,
six,
seven
and
nine
and
have
the
other
guys
say
well,
I'll
do
half
a
six
and
a
half
of
seven.
That's
not
possible
right.
So.
G
G
C
Not
saying
that,
what
I'm
saying
is
that
that
that's
different
from
versioning,
where
versioning
is
where
it's
one
so
like
imagine,
imagining
a
system
like
tls
or
quick
for
that
matter.
Where
you
have
you
can
offer
an
arbitrary
number
of
extensions.
The
other
side
can
subset
them
doing
that
with
a
version
number
requires
requires
to
find
the
common
explosion
of
all
possible
essential
loss
extension
points,
which
is
not
practical.
A
C
Behave
correctly
with
them
sure
you
could
do
that,
but
that
would
would
require
a
very
different
kind
of
protocols
line
from
the
from
the
all
cart
systems.
We
have
now
right
where
you
know
like
I
mean
so,
it's
like
again
just
go
back
to
tls
in
theory
you're
supposed
to
not
choke.
When
anybody
offers
you
any
extension
whatsoever
right,
but
it
doesn't
mean
to
take
the
extension,
and
so
so
I
don't
know
about
extension.
You
know
one
two,
three,
four
five
six,
but
like
I've
got
to
be
celebrations
that
I'm
not
gonna.
A
A
A
Am
I
going
to
end
up
stomping
on
actually
legitimate
extension
values
or
things
that
people
are
using
in
practice,
and
the
coordination
is
one
potential
way
to
make
sure
that
you
are
not
doing
that
if
you
had
a
mechanism
which
you
kind
of
had
this
rolling
version,
number
version
snapshot.
That
said
this
is,
I
know
about
all
the
extensions
up
to
this
point.
A
B
A
E
E
Great
okay!
Well,
so,
how
much
of
that
is?
How
much
of
that
is
people
actually
trying
to
to
meet
a
performance
requirement?
They
know
they
have
and
how
much
of
that
is
just
the
fact
that
we've
educated
a
generation
or
two
of
network
engineers
who
are
really
good
at
bit.
Shaving,
because
that's
how
you
pass
the
exams
right.
E
E
Right
when
you
develop
a
codec
you're
talking
about
sub
bits
and
we're
happy
about
that,
that's
what
actually
allows
us
to
waste
bits
in
the
network
right
but
yeah,
and
if
you're
talking
about
talking
about
a
codec,
that's
getting
the
maximum
amount
of
of
like
useful
information
into
certain
constant
size,
packets
and
maybe
you're,
making
those
packet
sizes
bigger
right.
So
you
can,
you
can
opt!
You
can
amortize
your
overhead
a
little
bit
that
way.
Then
you
can
actually
yeah
use
your
overhead.
E
This
is
the
thing
that
you
can
spend
overhead
on.
Right
is
the
is
the
the
flexibility
and
the
evolvability
of
the
stack.
Like
I
mean
the
the
problem
is:
is
that
you
you
for
this?
For
this
minimal
substrate
thing
you'd
either
have
to
identify
this
out
of
minimal
substrates
that
are
already
deployed,
or
you
have
to
say
we're
going
to
wait
20
years
for
it
to
happen
right,
because
that's
about
how
long
it
takes
to
to
forklift
the
internet.
E
B
That
that
really
just
just
speaks
to
the
value,
that's
provided
by
things
that
have
high
use
again
right
right.
So
the
things
that
people
care
about
are
the
things
that
continue
to
work.
And
so,
if
you
can
build
on
top
of
those
things,
then
you
don't
have
to
worry
about
solving
all
the
problems
that
have
been
solved
by
the
fact
that
there's
an
enormous
force
pushing
behind
it.
A
D
B
D
B
B
F
A
C
G
Kind
of
everything
that
you
don't
use
that
you
don't
grease
will
sooner
or
later
become
an
invariant
will
be
you
know,
especially
if
you
expose
it,
it
would
be
part
of
the
wire
image
and
people
would
just
like
treat
it
as
an
invariant,
so
kind
of
the
opposite
definition
of
everything.
That's
not
environment
variant
has
to
be
somehow
flexible,
used
and
changed
over
time.
That
was
kind
of
a
takeaway
from
me.
When
I
read
an
early
version
of
the
document,
not
sure
I
read
the
latest
one.
D
Yeah,
I
actually
filed
an
issue
during
the
call
that
was
sort
of
asking
do.
We
have
a
case
that
we
can
point
to
where
just
writing
down
the
invariance
is
enough
to
by
implication,
say
that
everything
else
is
subject
to
change,
or
do
we
actually
get
stuck
in
this
case
where,
even
if
you
document
the
invariance,
you
have
to
grease
or
exercise
everything
else
in
order
for
it
to
still
work.
A
I
I
agree,
I
mean
that's
kind
of
getting
into
the
editorial
comments,
but
I
it'd
be
interesting
to
look
at
ways
to
highlight
some
of
these
earlier,
because
I
feel
like
some
of
the
greasing
and
variance
bits
we
we
just
kind
of
like
fall
into
one
one.
Other
thing
I
I
note
that's
not
covered
in
the
document
because
I
don't
think
it
was
discussed
as
much
at
that
point.
A
D
A
D
This
is
exactly
what
you
were
going
for,
but
I
think
one
of
the
general
challenges
with
greasing
is
that
you
have
to
be
a
lot.
You
have
to
be
very
careful
about
where
what
you're
doing,
if
you
can't
place
a
timeout
on
it,
but
if
you
can
say
I'm
going
to
try
this
and
I
can
guarantee
that
it
will
not
be
used
anymore
in
you
know,
six
weeks
or
six
months,
then
you
have
a
fair
bit
of
flexibility
about
what
you
can
do.
A
D
B
D
F
A
F
B
B
I
think
the
the
future
here
is
in
the
the
big
actors
in
the
space
coordinating
and
using
using
features
in
such
a
way
that
people
routinely
encounter
new
code
points
whether
or
not
they
correspond
to
real
new
features
or
not.
They
they
keep
discovering
them,
and
that
might
just
be
down
to
okay.
So
in
the
month
of
january,
2021
everyone's
going
to
be
sending
the
tls
extension
code
0.57
and
at
the
end
of
the
month,
they'll
stop
yeah
and
I,
like
yeah,
go
for
a
brand.
You.
E
Could
actually
do
that
with
a
registry
that
was
easier
to
download
than
you
know
a
10
millennium
registry
right,
like
you,
can
you
can
have
a
yeah.
I
know
that
the
word
key
schedule
means
something
different,
but
it's
basically
a
key
schedule
right.
So
you
know
go
to
this.
The
the
semantics
of
go
to
this
website
and
figure
out
that
you're
going
to
send
this
on
this
date
is
enough
right
to
make
sure
that
that
gets
exercised.
C
But
my
impression
is
that,
like
most
of
those
systems
like
people,
work
on
those
systems,
learn
the
lesson
and
do
tests
for
those
things,
and
so,
like
they're,
not
saying
nobody
ever
makes
these
mistakes
again,
but
that,
like
it'd,
be
interesting
to
see
like
you
know
whether,
whether
we
really
find
that,
like
that,
this
it's
important
to
handle
this
as
badly
as
people
haven't
passed
and
they're
like
lots
of
mistakes.
People
used
to
make,
like
you
know
like
in
engineering
that,
like
like,
are
harder
to
make.
C
E
G
I
I
mean
I
also
try
to
make
this
comment
in
my
mail
earlier
that
I
think
I
agree
with
martin.
That,
like
active
use
should
be
the
goal
here
right.
Greasing
is
just
the
heck
if
you
can't
do
active
use
and
and
and
also
we
have
been
using
greasing
successfully
in
cases
where
there
has
been
ossification
and
we
just
needed
to
detect
the
broken
systems.
But
we
haven't
used
greasing
successfully
or
we
haven't
tried
it.
G
A
A
I
I
think
I'll
summarize
that
on
the
list,
I
think
there
are
some
specific
things
that
came
out
of
here
that
we
want
to
highlight-
and
I
think
it'd
be
worth
it
to
kind
of
get
some
pr's
on
that.
So
how
about
I'll
summarize
kind
of
the
some
of
the
concrete
things
that
we
could
add
and
try
to
write
down
or
research
or
document,
and
we
could
try
to
take
action
items
and
divvy
up
that
work
based
on
who
has
time
for
what
makes
sense.
That's
good
all
right
thanks!
Everyone.